As a result, banking institutions should prepare themselves for possible litigation by reviewing their indemnification rights with third-party vendors and service providers as well as setting up patent defense budgets, says James Denaro, a Washington-based attorney specializing in patent laws.

"Essentially every single financial institution is at risk of being accused of infringement," says Denaro, who leads the intellectual property practice at the CipherLaw Group. "What's interesting about these patents is they are alleged to cover some very fundamental parts of how a bank does business."

Patent Trolling

The emergence of so-called "patent trolls" is a growing concern. These companies attempt to enforce patents, and seek legal damages, against companies they claim are infringing on patents they own.

On June 4, the White House issued a study about how patent holding companies are increasingly using litigation as a business model to either earn income from royalties or receive settlement funds from the companies they sue for infringement. The Obama administration announced plans to push several legislative measures on the issue.

Gene Sperling, director of the National Economic Council and assistant to the president for economic policy, notes in a blog about the trolling trend that the number of lawsuits filed by patent trolls has tripled in the last three years. "All told, the victims of patent trolls paid $29 billion in 2011, a 400 percent increase from 2005 - not to mention tens of billions dollars more in lost shareholder value," he writes.

Companies filing patent-related lawsuits have been accused of hampering innovation because most recent suits involve technology, Denaro says. "We are seeing a lot of patent lawsuits getting filed now by non-practicing entities, and we are seeing this emerging as a business model itself," he says. "The patent holding company is a relatively new phenomenon."

Patent holding companies often acquire older patents from other companies.

Core Banking Tech Questioned

Since May, one of the world's largest patent-holding companies, Intellectual Ventures, has filed infringement lawsuits against eight leading U.S. banks: Commerce Bancshares, Capital One Financial Corp., Bank of America Corp., BBVA Compass Bancshares, Fifth Third Bancorp, JPMorgan Chase & Co., PNC Financial Services Group and First National Bank of Omaha.

In some cases, the patents mentioned in these suits are alleged to cover basic banking functions and features used in ATM and online-banking transactions. In other cases, even cryptography methods used to conform to security standards, such as the Payment Card Industry Data Security Standard, have been brought into question, Denaro says.

"These are significant cases, because any financial institution using PCI DSS could be at risk of being sued for patent infringement by Intellectual Ventures," Denaro says.

Denaro says all of the suits allege infringement of patents for technologies and services that are often core to banking institutions' operations.

In the most recent lawsuit, which was filed June 20 against Commerce Bank, Intellectual Ventures claims the bank's encryption of data contained on its website as well as within its systems and services - designed to comply with the PCI DSS - infringes two patents, Denaro says. One patent is for encryption, originally assigned to Entegrity, and a separate patent is for firewall/intrusion detection, originally assigned to BellSouth.

In the suit filed June 19 against CapOne, Intellectual Ventures claims the bank's online bill payment system infringes on a security infrastructure for electronic transactions patented by Entegrity Solutions Corp. The suit also claims that the bank's ATM service infringes on a patent for an imaging technology patented by Eastman Kodak Co.

Intellectual Ventures now owns all of the patents in question.

When faced with patent lawsuits, banking institutions have to decide whether to settle and pay for the licenses to the patents, which could include one-time fees or ongoing royalties, or go to trial, Denaro says. It's a complicated issue, and one that could not only cost banks money but also could essentially rob them of owning the core products and services they provide, he adds.

Indemnification Rights?

What makes these infringement cases complicated, Denaro says, is that the patent violations alleged in the suits don't specifically mention the technologies or services used by the banks. Intellectual Ventures is claiming these banks' systems infringed on certain patents that cover technologies used for PCI compliance and ATM transactions; but the patents themselves never expressly mention PCI or ATMs, he says.

"This gets to the fundamental policy debate that is going on in this country right now," Denaro says. "The patent may cover public key cryptography, but does it really cover PCI?"

Technologies and systems used for data encryption and ATM systems are core to banking, he adds. Many banks own and manage these technologies and systems, while others buy or outsource products from third parties that package these technologies and systems, Denaro says.

When third parties provide the technologies and services, banking institutions may have indemnification rights, he explains. This won't get banks off the hook for ultimately dealing with the patent dispute, but it could save them from paying the legal fees, Denaro says.

"If a bank goes out and procures services from a third party, oftentimes that agreement comes with indemnification," he says. "This third party agrees that if the bank is sued for some patent infringement, then the third party will come in and pay. But, technically speaking, the bank is still the subject of the lawsuit, and it is still they're responsibility to settle the suit or go through with the litigation.

That's why the American Bankers Association is supporting more governmental oversight in the patent litigation arena. On June 4, the ABA issued a statement in support of the White House's recommendations to protect the private sector from "frivolous litigation."

"The risk of abusive patent litigation and disingenuous license fee demands by non-practicing entities or 'patent trolls' is a serious and growing problem for banks of all sizes," ABA President and CEO Frank Keating says in the statement. "We sincerely appreciate the White House's announcement of a package of executive actions and legislative recommendations designed to protect against frivolous litigation and ensure high-quality patents. We are particularly pleased the package included recommendations to address end-user and demand letter issues, which are very important to smaller banks."

On June 5, Intellectual Ventures responded to the Obama administration's call for tighter patent system controls, saying it supported reform but said it felt the details of the White House's proposal needed further review. "Intellectual Ventures believes 'real party in interest' proposals are misguided and merit further discussion, but we will, of course, comply with whatever regulations are enacted," the company states.

About the Author

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;